Crisis prevention and management: Global GCs step forward

For those of us who have championed the idea of “general counsel as global business strategists,” KPMG's most recent study is a welcome validator of the essential points we’ve emphasized.

“Over the Horizon: General Counsel Report 2014” follows up on KPMG's pioneering 2012 study “Beyond the Law,” which assessed the extent to which GCs are now business strategists, particularly as they’re positioned vis-à-vis corporate boards. For a communications professional, the report has additional value in its emphasis on risk management and crisis prevention, including rich anecdotal evidence and attributed comments by top in-house lawyers.

The study cites Kenneth Frazier, Merck's GC during the Vioxx turmoil and its current CEO. Frazier's handling of those reputational and legal issues must have been decisive to his promotion. “Never waste a crisis,” as the report reminds its readers.

Now we see in-house counsel involved to a greater extent in the internal mechanisms designed for preventive impact. At Cemex, GC Ramiro Villarreal is secretary of both the audit and corporate practice committees and is a member of the risk management committee.

At GTI Group, GC Dan Fitz works closely on the company's group risk register, overseeing the top 12 risk areas plus those risks “bubbling under,” related to individual business lines. Fitz has played a key role formulating GTI's crisis management plan while participating in-group role-play exercises.

As might be expected, regulatory is still the area providing GCs the most compelling opportunity to show leadership. It's their substantive bailiwick, and the one area where their predictive instincts can have the most telling business impact.

At RBS, deputy head of operational risk management Richard Collins says they regularly scan to see where regulators will focus next. Now it's consumer banking, especially as regulations get transferred from one jurisdiction to another.

Yet if regulatory is the most obvious area where in-house counsel make their predictive bones, 60 percent of KPMG's respondents agree it's also their greatest challenge. As Melanie Rowlands, deputy to the GC at Smiths Group PLC, advises, regulators “are under pressure to be seen to be effective,” and are therefore “less predictable than ever.” We’re back in the Court of Public Opinion where regulators are susceptible to the passing political fancies of elected officials to whom they ultimately answer.

Nowhere is that public tribunal more demanding than in the area of cybersecurity, as nowhere else is the public more decisively affected. It's interesting to read the comment by Airbus Group GC Peter Kleinschmidt in “Over the Horizon” that it's not a question for the legal officer. “Ask the chief technical officer,” says Kleinschmidt; the issue is “inaccessible to legal remedies.”

Is such a perspective now anomalous or indicative of a persistent silo-like mentality? Comments to KPMG from Merck, Sanofi and Cemex suggest the former, and are confirmation that the human error or wrongdoing causing these disasters is a public as well as legal problem. Even the technological fault lines—like excessive downloading or, as Villarreal points out, the danger when employees create their own back-up files—are human issues requiring the input of all business strategists.

Cybersecurity involves much more than technology, maintains Stephen Bonner, KPMG's head of cyber for financial services, who says GCs must be at the table. They must advise on the legal impact of breaches, on how to communicate to stakeholders, what steps to take and how to respond if the perps get caught.

For legal, “it's all about what you can do, not what you can't,” says Bonner.